[Ndn-interest] Complete trust management from scratch in ndn-cxx

Matteo Bertolino Matteo.Bertolino at eurecom.fr
Mon Oct 16 11:49:16 PDT 2017


Hello,
why do you have the "//" in each line of the validator?
I am on my phone, so I cannot easily provide you with a good answer, but you
can find a completed and commented use case here:
https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf

Section 3. Write me if you need any clarification.
Matteo


Quoting Michał Król <m.krol at ucl.ac.uk>:

> Dear all,
>
> I'm struggling with setting up a simple trust/security system in NDN. I
> find it difficult to find an updated set of information that will work for
> all system components. Please correct me if I misunderstood something.
>
> I have a very simple scenario: one producer and one consumer on one
> machine. I want to have a central entity (root) and a publisher
> (publisher) that will be allowed to publish trusted content.
>
> I first create the root certificate using ndnsec and self-sign it: /
> /
>
> /    ndnsec-key-gen -n /root//
> /
>
> /    ndnsec-sign-req /root > root.cert/
>
> Next I create a certificate for the publisher and sign it using the root
> certificate:
>
> /   ndnsec-key-gen -n /root/publisher > unsigned_publisher.cert//
> //   ndnsec-cert-gen -S 201510080000 -E 202010080000  -s /root -i
> /root/publisher -r unsigned_publisher.cert  > publisher.cert/
>
>
> I then used the publisher identity to sign the data:
>
> /    m_ident = m_keyChain.createIdentity(Name("/root/publisher"));//
> //    m_info = ndn::security::SigningInfo(m_ident);/
>
> /    m_keyChain.sign(*data, m_info);/
>
> On the consumer side I use a validator to validate data:
>
> /    m_validator->load("sample.cfg");/
>
> /    m_validator->validate (data,//
> //            ndn::bind(&Consumer::onValidated, this, _1),//
> //            ndn::bind(&Consumer::onValidationFailed, this, _1, _2));/
>
>
> I want to trust everything signed with the publishers key. The
> sample.cfg is:
>
> /    rule//
> //    {//
> //      id "Sample Rule"//
> //      for data//
> //      filter//
> //      {//
> //        type name//
> //        name /root/publisher//
> //        relation is-prefix-of//
> //      }//
> //      checker//
> //      {//
> //        type hierarchical//
> //        sig-type rsa-sha256//
> //      }//
> //    }//
> //
> //    trust-anchor//
> //    {//
> //      type file//
> //      file-name "root.cert"//
> //    }/
>
>
> Now, when I launch the consumer, it issues an interest, gets the data,
> issues another interest to get the key
> (/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but
> ends up with an error:
>
> /    Malformed certificate (Name does not follow the naming convention
> for certificate). /
>
>
> My question now is, is this how I'm supposed to do this? If yes, what's
> the problem here? If not, is there any example tutorial, walking through
> all the steps of managing trust in NDN (ndnsec, app, validator)?
>
> Thanks in advance,
>
> Michał
>
>


